httprequesthttp-status-codes

What is the appropiate http status code to give, when a user is using an unallowed authorization method?


For context, I am working on an API in postman, where an http request can be authorized using an api key or basic authentication.

I was using 401 as a status code if a different authorization method was used. Is there a more suitable status code for that?


Solution

  • I think the appropriate status code would be 405 - method not allowed. But also status code 401 - unauthorized would work. More accurate would be the 405.